Data Protection Policy
Data Protection Policy Version 3 – 15/03/2023 TM
Introduction:
In the normal course of our business, Skyfleet Limited are required to collect information about people and businesses, with whom we work. This information must be handled properly under the Data Protection Act 1988. This Act regulates the way in which the personal data is handled, that we collect in the course of carrying out our functions and gives certain rights to people whose personal data we may hold.
We consider that the correct treatment of personal data is integral to our successful operations and to maintaining trust of the persons we deal with. We fully appreciate the underlying principles of the Act and support and adhere to its provisions.
We are registered with the Information Commissioner to process personal data. We are named as a data controller under the register kept by the Information Commissioner in accordance with section 19 of the Act.
Data protection principles:
We comply with the 8 data protection principles by ensuring the data is:
1 - Fairly and lawfully processed
2 – Obtained only for specific, lawful purposes
3 - Adequate, relevant and not excessive
4 - Accurate and kept up to date
5 - Not kept longer than necessary
6 - Processed in accordance with the individuals rights
7 - Secure
8 - Not transferred to countries outside the European Economic area unless the country to which the data is to be transferred has adequate protection for the individuals
Scope of policy:
This policy applies to Skyfleet Limited and all its staff, as well as any supplier working on behalf of Skyfleet
Limited.
It applies to all data that the company holds relating to identifiable individuals, even if the information falls outside of the Data Protection Act 1988. This may include names of individuals, postal and email addresses, telephone numbers and any other information relating to individuals.
Risk:
This policy helps to protect Skyfleet Limited and the data that it manages, from data security risks such as: Breaches of confidentiality – information being given out inappropriately
Failure to offer choice – all individuals should be free to choose how the company uses data relating to them
Reputational damage – the company could suffer if hackers successfully gained access to sensitive data